US9641509B2 · Active · Utility · PatentIndex 58

Enterprise authentication server

Assignee: CA INC
Priority: Jul 30, 2015
Filed: Jul 30, 2015
Granted: May 2, 2017
Est. expiry: Jul 30, 2035 (~9.1 yrs left) · nominal 20-yr term from priority
Inventors: PACHOURI RAJENDRA KUMAR
Classification: H04L 63/08, H04L 63/0807, H04L 63/0884, H04L 63/0815, H04L 67/42, H04L 67/01

PatentIndex Score: 58
Cited by: 2
References: 21
Claims: 15

Abstract

In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine. An authentication status for the requested service is determined at the authentication server, responsive to receiving the second authentication request from the second machine.

Claims

exact text as granted — not AI-modified
The invention claimed is:

1. A computer-implemented authentication method, comprising:
performing operations as follows by a processor of an authentication server:
receiving, at the authentication server from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
generating, at the authentication server, an authentication token comprising client-specific and server-specific portions, responsive to receiving the first authentication request from the first machine;
transmitting, from the authentication server to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion is not transmitted to the first machine from the authentication server;
receiving, at the authentication server from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
determining, at the authentication server, an authentication status for the requested service, responsive to receiving the second authentication request from the second machine;
receiving, at the authentication server from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, from the authentication server to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment from the authentication server indicates whether a response for the requested service, which is received by the first machine, is authentic.

2. The computer-implemented authentication method of claim 1, wherein generating the authentication token comprises:
generating a randomly-encrypted token; and
dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,
wherein the client-specific portion of the authentication token is not transmitted to the second machine from the authentication server.

3. The computer-implemented authentication method of claim 2, further comprising performing operations as follows by the processor:
transmitting, from the authentication server to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request,
wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.

4. The computer-implemented authentication method of claim 1, further comprising performing operations as follows by the processor:
transmitting, from the authentication server to the second machine, an authentication response comprising the authentication status responsive to determining thereof,
wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.

5. The computer-implemented authentication method of claim 4, wherein determining the authentication status comprises:
comparing the server-specific and the client-specific portions of the authentication token received from the second machine in the second authentication request with the authentication token generated at the authentication server responsive to receiving the first authentication request;
determining the authentication status as positive responsive to a match indicated by the comparing; and
determining the authentication status as negative responsive to an absence of the match indicated by the comparing.

6. The computer-implemented method of claim 5, wherein the acknowledgment comprising the authentication status as positive indicates authorization for the first machine to accept the response for the requested service from the second machine.

7. The computer-implemented method of claim 6, wherein the authentication response comprising the authentication status as positive indicates authorization for the second machine to provide the response for the requested service to the first machine.

8. A computer system, comprising:
a processor; and
a memory coupled to the processor, the memory comprising computer readable program code embodied therein that, when executed by the processor, causes the processor to perform operations comprising:
receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
generating an authentication token comprising client-specific and server-specific portions responsive to receiving the first authentication request comprising the identification of the second machine;
transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the processor;
receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
determining an authentication status for the requested service responsive to receiving the second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic.

9. The computer system of claim 8, wherein generating the authentication token comprises:
generating a randomly-encrypted token; and
dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,
wherein the client-specific portion of the authentication token is not transmitted to the second machine by the processor.

10. The computer system of claim 9, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,
wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.

11. The computer system of claim 8, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof,
wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.

12. A computer program product comprising:
a non-transitory computer readable storage medium comprising computer readable program code embodied in the medium, which, when executed by a processor, causes the processor to perform operations comprising:
receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
generating an authentication token comprising client-specific and server-specific portions responsive to receiving the first authentication request comprising the identification of the second machine;
transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the computer readable program code when executed by the processor;
receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
determining an authentication status for the requested service responsive to receiving the second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic;
receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic.

13. The computer program product of claim 12, wherein generating the authentication token comprises:
generating a randomly-encrypted token; and
dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,
wherein the client-specific portion of the authentication token is not transmitted to the second machine by the computer readable program code when executed by the processor.

14. The computer program product of claim 13, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,
wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.

15. The computer program product of claim 14, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof;
wherein receiving the third authentication request comprises receiving the third authentication request responsive to transmitting the authentication response to the second machine.
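The abstract and claims 1 through 7 describe one exchange: the authentication server splits a fresh random token, hands the client only the client-specific half and the service only the server-specific half, and declares the request authentic only when the service can present both halves under the same authentication identifier. The following simulation is an added example written for this page; it is not code from the patent or from CA, and the class names (AuthServer, Service), the message dictionaries, the 16-byte halves, the "payroll" service id and the impostor scenario are all constructed here. It shows why the split matters: a machine that never received the server-specific half cannot produce a positive status, and a second submission of an already-used identifier is rejected.

```python
import hmac
import secrets


class AuthServer:
    """Hypothetical authentication server implementing the claimed method."""

    def __init__(self):
        self._tokens = {}   # auth_id -> (client_part, server_part, service_id)
        self._status = {}   # auth_id -> "positive" | "negative"

    def handle_first_request(self, service_id):
        """Claims 1-3: random token, split in two, each side gets only its half."""
        token = secrets.token_bytes(32)          # CSPRNG bytes stand in for the "randomly-encrypted token"
        client_part, server_part = token[:16], token[16:]
        auth_id = secrets.token_hex(8)
        self._tokens[auth_id] = (client_part, server_part, service_id)
        to_client = {"auth_id": auth_id, "client_part": client_part}    # server_part withheld
        to_service = {"auth_id": auth_id, "server_part": server_part}   # client_part withheld
        return to_client, to_service

    def handle_second_request(self, auth_id, server_part, client_part):
        """Claim 5: compare both halves with the stored token (constant time, single use)."""
        entry = self._tokens.pop(auth_id, None)  # popping makes a replayed auth_id fail
        if entry is None:
            status = "negative"
        else:
            expected = entry[0] + entry[1]
            status = "positive" if hmac.compare_digest(client_part + server_part, expected) else "negative"
        self._status[auth_id] = status
        return {"auth_id": auth_id, "status": status}   # authentication response to the service (claim 4)

    def handle_third_request(self, auth_id):
        """Claim 1/6: acknowledgment telling the client whether to accept the service's response."""
        return {"auth_id": auth_id, "status": self._status.get(auth_id, "negative")}


class Service:
    """The 'second machine'. An impostor is just a Service that never got a server_part."""

    def __init__(self, auth, name):
        self.auth, self.name = auth, name
        self._server_parts = {}

    def receive_server_part(self, msg):
        self._server_parts[msg["auth_id"]] = msg["server_part"]

    def handle_service_request(self, auth_id, client_part):
        # Without the delivered half the best a machine can do is guess (constructed 16-byte guess).
        server_part = self._server_parts.get(auth_id, secrets.token_bytes(16))
        verdict = self.auth.handle_second_request(auth_id, server_part, client_part)
        if verdict["status"] != "positive":
            return None                                   # claim 7: no authorization to respond
        return {"auth_id": auth_id, "payload": f"data from {self.name}"}


def run_flow(auth, genuine, responder, service_id="payroll"):
    """One exchange. `responder` is whichever machine the client actually reaches."""
    to_client, to_service = auth.handle_first_request(service_id)
    genuine.receive_server_part(to_service)           # auth server delivers to the identified service
    response = responder.handle_service_request(to_client["auth_id"], to_client["client_part"])
    ack = auth.handle_third_request(to_client["auth_id"])
    accepted = ack["status"] == "positive" and response is not None
    return ack["status"], accepted


def replay_check(auth, genuine):
    """Resubmit an identifier that was already adjudicated; the server must say negative."""
    to_client, to_service = auth.handle_first_request("payroll")
    genuine.receive_server_part(to_service)
    first = auth.handle_second_request(to_client["auth_id"], to_service["server_part"], to_client["client_part"])
    second = auth.handle_second_request(to_client["auth_id"], to_service["server_part"], to_client["client_part"])
    return first["status"], second["status"]


def demo():
    auth = AuthServer()
    payroll = Service(auth, "payroll")
    impostor = Service(auth, "impostor")
    return {
        "honest": run_flow(auth, payroll, payroll),
        "impostor": run_flow(auth, payroll, impostor),
        "replay": replay_check(auth, payroll),
    }


if __name__ == "__main__":
    print(demo())
```

The two withheld halves are the whole point: the client can show the service that it was issued an identifier, but only the machine the authentication server actually addressed can complete the pair, and the client learns the verdict from the server rather than from the responder it is trying to verify. The single-use pop and the constant-time comparison are defensive details the claims leave open; they are assumptions of this example, not requirements stated in the patent.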

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.